Confusion reigns supreme as GDPR draws closer

GDPR might do a better job at protecting the data of EU-based internet users, but before it achieves that, it may well also greatly confuse the living hell out of businesses all over the world.

That is the general conclusion of a new report by Trend Micro, which claims that with just six months to go before GDPR kicks in, there are things in it businesses can't agree on.

For example, GDPR mentions businesses will need to meet “state of the art security requirements”. But what exactly does this mean? According to Trend Micro, 30 per cent think it means buying solutions from established market leaders. For 17 per cent, it means buying solutions that passed independent third-party tests. Another 16 per cent believes it’s the products that rate highest on analysts reports, and 14 per cent think it’s about start-ups offering innovative technology.

“There are many hurdles for businesses to overcome in establishing GDPR compliance – trying to demystify what ‘State of the Art’ means is but another challenge on the list,” said Bharat Mistry, principal security strategist for Trend Micro. “Regulatory enforcement bodies should offer further clarification on what ‘State of the Art’ means, so businesses can ensure they’re not stepping into a fine once May 2018 arrives.”

And that’s not all. There are also hurdles regarding timelines to informing regional Data Protection Authorities, purchasing priorities, as well as educating employees.